go/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2025-06-04 23:27:32 +02:00
Code Issues Releases Activity

Security: Use strconv.Atoi() for safe string to int conversions

Browse Source
This commit is contained in:
Ralph Slooten 2022-08-06 23:35:58 +12:00
parent 37eec298d7
commit 056bef7d5e
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
server/server.go
View File

@ -156,16 +156,13 @@ func getStartLimit(req *http.Request) (start int, limit int) {
limit = 50 limit = 50
s := req.URL.Query().Get("start") s := req.URL.Query().Get("start")
if n, e := strconv.ParseInt(s, 10, 64); e == nil && n > 0 { if n, err := strconv.Atoi(s); err == nil && n > 0 {
start = int(n) start = n
} }
l := req.URL.Query().Get("limit") l := req.URL.Query().Get("limit")
if n, e := strconv.ParseInt(l, 10, 64); e == nil && n > 0 { if n, err := strconv.Atoi(l); err == nil && n > 0 {
if n > 500 { limit = n
n = 500
}
limit = int(n)
} }
return start, limit return start, limit